Statement of Work — Meridian Payments Platform
Between Meridian Holdings, Inc. (Delaware C-corp, the “Client”) and Halevy Vector Engineering Pvt. Ltd. (Bengaluru, the “Vendor”). Effective date: 28 April 2026.
Vendor will design, build, and deliver Meridian Payments — a full-stack payments orchestration platform — to production. Coverage spans merchant onboarding (KYB / KYC), the payment-method abstraction layer (cards, ACH, UPI, SEPA), the ledger and reconciliation engine, the dispute and chargeback workflow, the merchant dashboard, the partner API and SDKs, and the SOC 2 / PCI-DSS evidence pipeline.
- All deliverables listed in Exhibit A (37 in-scope features across 9 surfaces) on the timeline in Exhibit B (24 weeks, 8 three-week milestones).
- Reference architecture: Next.js 14 + tRPC + Postgres (Aurora) + Temporal for orchestration + a Java-based ledger core. Schema changes after M3 require a written change order.
- Out of scope: native mobile SDKs, in-person POS terminal firmware, Latin-American local-acquirer integrations, and the CRM integration in §3.4 of the Term Sheet.
Total fixed fee: USD 742,500, billed against eight milestones. Each milestone unlocks on a reviewable artifact — a working staging URL, a passing audit dossier, an attestation report, or a merged PR set tagged for acceptance. “Done” without an artifact is not a billable state.
- M1 — Foundations (USD 67,500): monorepo, staging environment, CI gates, secrets management, telemetry baseline, threat model v1.
- M2 — Identity + KYB / KYC (USD 90,000): onboarding flow, identity-provider integration, sanctions screening, document-collection pipeline.
- M3 — Payment-method abstraction (USD 90,000): card + ACH + UPI + SEPA rails behind a uniform internal API, with idempotency keys and provider failover.
- M4 — Ledger + reconciliation (USD 112,500): double-entry ledger with end-of-day reconciliation against three acquirer report formats.
- M5 — Disputes + chargebacks (USD 75,000): dispute case lifecycle, evidence collection, network response webhook.
- M6 — Merchant dashboard (USD 75,000): reporting, exports, role-based access, search, WCAG 2.2 AA.
- M7 — Partner API + SDKs (USD 105,000): versioned public API, TypeScript + Python SDKs, webhook subscriptions, partner sandbox.
- M8 — Production cutover + SOC 2 dossier (USD 127,500): production deploy, DNS + WAF cutover, 21-day stabilization, complete SOC 2 Type I evidence pack.
Vendor commits a dedicated pod of one engineering lead (≥10 yrs, payments background), two senior full-stack engineers, one ledger / backend specialist (Java + Postgres), one security engineer, and a part-time engagement manager. All are named in Exhibit D. Sustained substitution of a junior for any named senior is grounds for fee adjustment under §8.
All deliverables — source code, designs, documentation, build artifacts, security-evidence documents — are works made for hire under the Indian Copyright Act, 1957. To the extent any deliverable does not vest in Client by operation of law, Vendor irrevocably assigns all right, title and interest worldwide (including moral rights to the extent waivable) on payment of the relevant milestone fee. Vendor retains no residual licence.
Payments are made in USD by wire to Vendor’s nominated INR-convertible account, with FIRC issuance against each milestone. Vendor provides a current W-8BEN-E and confirms LUT-covered export-of-services status for GST. Foreign remittance is subject to RBI / FEMA guidelines; Client’s obligation is limited to remitting the invoiced amount in USD within net-15 of milestone acceptance.
Vendor processes Client and end-user personal data as a Data Processor under the DPDPA 2023 and, where applicable, GDPR Art. 28 and the UK GDPR. A Data Processing Addendum (Exhibit F) governs sub-processing, breach notification (72 hours), end-of-engagement deletion / return, and the EU Standard Contractual Clauses for EEA-to-India transfers. Cardholder data scope is constrained per Exhibit G (PCI-DSS v4.0).
Vendor commits to the control baseline in Exhibit H, aligned to SOC 2 Trust Services Criteria. Independent penetration tests at M4 and M8 are commissioned by Client at Client expense; remediation of P0/P1 findings within Vendor control is in scope. Vendor maintains cyber-liability insurance of at least USD 5,000,000 aggregate with Client named as additional insured.
Each milestone is accepted by written sign-off from Client’s named reviewer within 10 business days of artifact delivery, or deemed accepted absent written objection. Scope changes are handled by signed change order with explicit fee and timeline impact; verbal or Slack-only changes do not modify this SOW. Disputes unresolved within 30 days go to arbitration under the SIAC Rules, seat Singapore, in English, before a three-arbitrator panel. Governing law: the State of Delaware, USA.
Either party may terminate for material breach uncured for 15 days after written notice. On termination, Vendor delivers all in-progress work, source, credentials, security-evidence documentation, and Exhibit D handover notes within 5 business days. Client pays for work accepted to date plus a pro-rata share of the in-flight milestone calculated on artifact progress, not hours. The IP assignment in §4 survives termination.